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1 Claims 

2 

3 1 . A method, including the steps of 

4 maintaining a set of access control patterns in at least one associative mera- 

5 ory; 

6 receiving a packet label responsive to a packet, said packet label being suf- 

7 ficient to perform access control processing for said packet; 

8 matchmg matchable information, said matchable information being respon- 

9 ' sive to said packet label, with said set of access control patterns in parallel, and generat- 

10 ing a set of matches in response thereto, each said match having priority information as- 

11 sociated therewith; 

12 selecting at least one of said matches in response, to said priority informa- 

13 tion, and generating an access result in response to said at least one selected match; and 

14 -making a routing decision in response to said access result. 

15 . . 

16 2. A method as in claim 1, including the step of performing at least two 

17 of said steps of receiving, matching, selecting, and making a routmg decision, in parallel 

18 using a pipeline technique. 

19 

20 3. A method as in claim 1, wherein said access control patterns each 

21 include a bit pattern for matching and a mask pattern of bits not for matching. 

22 
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1 4. A method as in claim 1, wherein said access control patterns each 

2 include a set of ternary elements, each representative of a logical "0," logical "1", or 

3 "don't care" value. 

4 

5 5. A method as in claim 1, wherein said associative memory includes a 

6 hardware content-associative memory having a plurality of rows, each row including one 

7 of said access control patterns and one of said access results. 
8 

9 ■ 6. A method as in claim 1, wherein said associative memory includes a 

10 hardware content-associative memory having a plurality of rows, 

11 each row including a bit pattern for matching and one of said access results, 

12 and 

13 each row being associated with a pattern of bits not for matching, said set of 

14 patterns of bits not for matching being fewer than a number of said rows. 

15 

16 7. A method as in claim 1, wherein said associative memory includes a 

17 ternary content-associative memory. 

18 

19 8. A method as in claim 1, wherein said packet label includes a source 

20 EP address or subnet, a destination IP address or subnet, a source port, a destination port, a 

21 protocol specifier, or an input interface. 

22 



Sequence No.: 5826 



21 



Attorney Docket No.: M-9255-1CUS 

1 9. A method as in claim 1, wherein said priority information for each 

2 said access control pattern is responsive to a position of said access control pattern in a 

3 memory. 

4 

5 10. A method as in claim 1, wherein said priority information includes a 

6 position in said associative memory, and said step "of selecting includes choosing a first 

7 one of said matches. 

8 

l= =9 11. A method as in claim 1, wherein said routing decision includes a 

a!|o committed access rate decision. 

''J 

rib 12. A method as in claim 1, wherein said routing decision includes an 

} i 3 administrative policy decision regarding treatment of said packet. 

O 

yi4 ■ .. 

n,l5 13. A method as in clahn 1, wherein said routing decision includes de- 

16 termining an ou^ut interface for said packet. 

17 

18 14. A method as in claim 1, wherein said routing decision includes im- 

19 plementing a quality of service policy. 

20 

21 15. A method as in claim 1, wherein said routing decision includes per- 

22 mitting or denying access for said packet. 
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2 16. A method as in claim 1, wherein said step of generating said access 

3 result is responsive to a plurality of said at least one matches. 

4 

5 17. A method as in claim I, wherein said step of matching is performed 

6 in order of constant time, whereby said step of matching is perforraied in time not respon- 

7 sive to a number of said access control patterns. 
8 

g 18. A method as in claim 1, wherein said steps of matching and selecting 

: ' 10 are performed at a rate exceeding 1 megapacket per second. 

' -11 

r=i2 19. A method as in claim 1, including the step of making a preliminary 

'13 routing decision for said packet, wherein said packet routing information includes a result 

/ 14 of said preliminary routing decision. 

' -15 

16 20. A method as in claim 19, wherein said preliminary routing decision 

17 includes determining at least one output interface for said packet. 

18 

19 21. A method as in claim 19, wherein said packet routing information 

20 includes an output interface for said packet. 

21 
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1 22. A method as in claim 1, including the step of preprocessing said 

2 packet label to generate said matchable information. 

3 

4 23 . A method as in claim 22, wherein said step of preprocessing includes 

5 the steps of 

6 performing an arithmetic, logical, or comparison operation on said packet 

7 label; and 

8 generating a bit string for said matchable information in response to said 

9 arithmetic, logical, or comparison operation. 

10 

11 24. A method as in claim 22, wherein said step of preprocessing mcludes 

12 the step of comparing a field of said packet label with an arithmetic range or mask value. 
t3 

,4 - -25. A method as in claim 22, wherein said step of preprocessing includes 

15 the step of comparing a source IP port value or a destination IP port value with a selected 

16 port value. 

17 

18 26, A method as in claim 1, including the step of postprocessing said 

19 selected match to generate said access result. 

20 

21 27. A method as in claim 26, wherein said step of postprocessing in- 

22 eludes accessing a memory in response to a bitstring included in said selected match. 
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28. A method as in claim 1, wherein said set of access control patterns is 
responsive to a sequence of access control specifiers, each one of said sequence of access 
control specifiers declaring whether to permit or deny access for a set of packets. 

29. A method as in claim 28, wherein said step o.f maintaining includes 

the steps of 

receiving said sequence of access control specifiers; 

translating said sequence of access control specifiers into said sequence of 
access control patterns; and 

storing said sequence of access control patterns in said associative memory. 

30. A method as in claim 29, wherein said step of translating includes 
the step of generating a plurality of said access control patterns in response to one of said 
access control specifiers. 

31. A method as in claim 29, wherein said step of translating includes 
the step of generating a single one of said access control patterns in response to a plurality 
of said access control specifiers. 
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